130 matches found
CVE-2026-59938 pypdf: Possible large memory usage for wrong image dimensions
pypdf is a free and open-source pure-python PDF library. Prior to 6.14.0, an attacker can craft a PDF with declared image size values that are much too large compared to the actual data, causing large memory usage in pypdf image parsing. This issue is fixed in version 6.14.0...
CVE-2026-59938
CVE-2026-59938 affects the Python PDF library pypdf. Before version 6.14.0, an attacker can craft a PDF with image size values declared much larger than actual data, causing large memory usage during pypdf image parsing. Root cause: mismatch between declared image dimensions and image data in the...
CVE-2026-55380
Pillow is a Python imaging library. Prior to 12.3.0, PIL/GdImageFile.py GdImageFile.open read image dimensions from the GD 2.x header and stored them in self.size without calling Image.decompressionbombcheck, allowing a crafted .gd file to trigger excessive C-heap allocation when loaded. This iss...
RHEL 7 : ImageMagick (RHSA-2026:32961)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2026:32961 advisory. ImageMagick is an image display and manipulation tool for the X Window System that can read and write multiple image formats. Security Fixe...
EUVD-2026-36184
ImageMagick: Policy Bypass in DCM decoder could result in image with invalid dimensions...
CVE-2026-53946 Ghost: Mobiledoc image-size fetch SSRF
Ghost is a Node.js content management system. From 6.19.4 until 6.21.1, when re-rendering posts, Ghost would refetch missing image dimensions by issuing an outbound HTTP request to the URL stored on an image card — without restricting that URL to trusted image hosts. An authenticated staff user...
Astra Linux – Vulnerability in GraphicsMagick
The ReadJXLImage function in the JXL library within GraphicsMagick before version 1.3.46 has no image dimension resource limits...
Amazon Linux 2 : ImageMagick, --advisory ALAS2-2026-3373 (ALAS-2026-3373)
The version of ImageMagick installed on the remote host is prior to 6.9.10.97-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3373 advisory. ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q8-AnyCPU is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...
Allocation of Resources Without Limits or Throttling
Overview Magick.NET-Q16-OpenMP-arm64 is a Magick.NET allows you can use ImageMagick without having to install ImageMagick on your server or desktop. More information about specific builds see the official docs https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling due to insufficient validation in the DCM decoder. An attacker can cause the application to process images with invalid dimensions, potentially leading to application crashes or denia...
Synthetic TIFF Corpus Generator for Parser Validation and Boundary Condition Testing
This Python script generates a small corpus of synthetic TIFF-like files designed for validating parser behavior across different image dimension scenarios...
JLSEC-2026-543
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opjt1clbldecodeprocessor in openjp2/t1.c because of lack of opjj2kupdateimagedimensions validation...
PT-2026-47108
OpenJPEG through 2.3.1 has a heap-based buffer overflow in opj t1 clbl decode processor in openjp2/t1.c because of lack of opj j2k update image dimensions validation...
Astra Linux – Vulnerability in openjpeg2
OpenJPEG version 2.3.1 has a heap-based buffer overflow issue in the opjt1clbldecodeprocessor function in openjp2/t1.c, due to the lack of validation for the opjj2kupdateimagedimensions function...
PT-2026-41801
Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description An out of bounds heap write can occur when reading multiple images with different dimensions. A heap write is a memory corruption issue where data is written...
Integer Overflow or Wraparound
Overview Affected versions of this package are vulnerable to Integer Overflow or Wraparound in the jpeg2000input.cpp process when calculating buffer size using signed 32-bit arithmetic. An attacker can trigger a heap overflow by providing crafted image dimensions that cause integer overflow,...
JLSEC-2026-493 JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits.
ReadJXLImage in JXL in GraphicsMagick before 1.3.46 lacks image dimension resource limits...
EUVD-2026-27075
CImg Library is a C++ library for image processing. Prior to commit 4ca26bc, there is an integer overflow vulnerability in the WHD size computation inside loadpnm that can bypass the memory allocation guard. A crafted PNM/PGM/PPM file with large dimension values causes the overflow to wrap around...